Lei Xu,Chunxiao Jiang,Jian Wang,Yong Ren,Jian Yuan,Mohsen Guizani

DOI: https://doi.org/10.1109/ICC.2015.7249454

2015-01-01

Abstract:Privacy issues arising in the process of collecting, publishing and mining individuals' personal data have attracted much attention in recent years. In this paper, we consider a scenario where a data collector collects data from data providers and then publish the data to a data user. To protect data providers' privacy, the data collector performs anonymization on the data. Anonymization usually causes a decline of data utility on which the data user's profit depends, meanwhile, data providers' would provide more data if anonymity is strongly guaranteed. How to make a trade-off between privacy protection and data utility is an important question for data collector. In this paper we model the interactions among data providers/collector/user as a game, and propose a general approach to find the Nash equilibriums of the game. To elaborate the analysis, we also present a specific game formulation which takes k-anonymity as the anonymization method. Simulation results show that the game theoretical analysis can help the data collector to deal with the privacy-utility trade-off.

Li Kuang,Yujia Zhu,Shuqi Li,Xuejin Yan,Han Yan,Shuiguang Deng

DOI: https://doi.org/10.1155/2018/3486529

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:With the rapid development of sensor acquisition technology, more and more data are collected, analyzed, and encapsulated into application services. However, most of applications are developed by untrusted third parties. Therefore, it has become an urgent problem to protect users’ privacy in data publication. Since the attacker may identify the user based on the combination of user’s quasi-identifiers and the fewer quasi-identifier fields result in a lower probability of privacy leaks, therefore, in this paper, we aim to investigate an optimal number of quasi-identifier fields under the constraint of trade-offs between service quality and privacy protection. We first propose modelling the service development process as a cooperative game between the data owner and consumers and employing the Stackelberg game model to determine the number of quasi-identifiers that are published to the data development organization. We then propose a way to identify when the new data should be learned, as well, a way to update the parameters involved in the model, so that the new strategy on quasi-identifier fields can be delivered. The experiment first analyses the validity of our proposed model and then compares it with the traditional privacy protection approach, and the experiment shows that the data loss of our model is less than that of the traditional k-anonymity especially when strong privacy protection is applied.

Yan Leng,Yijun Chen,Xiaowen Dong,Junfeng Wu,Guodong Shi

DOI: https://doi.org/10.2139/ssrn.3875878

2021-01-01

SSRN Electronic Journal

Abstract:There exists a growing concern about the privacy threats inherently encoded in the increasingly available behavioral data. In this paper, we focus on online service providers over which users reveal preferences (e.g., ratings or reviews) as publicly available behavioral data. We model users' strategic interactions in making these decisions as quadratic games on networks, where a user's payoff depends not only on their actions but also on their neighbors in a social interaction network. Based on the assumption that the observed preferences correspond to the Nash equilibrium of the game, we investigate whether eavesdroppers or competitors having access to such behavioral data could potentially infer or even thoroughly learn the hidden social interaction network from the observed user actions, leading to privacy risks at a system level for the platform. We introduce three notions of privacy risks on networks: fundamental privacy, conditional privacy, and practical privacy. We establish necessary and sufficient conditions for fundamental and conditional privacy of the social interaction structure, suggesting that at the system level, such interaction structure is not facing a critical risk of being fully exposed regardless of the amount of data available. To study practical privacy, we further propose and analyze a novel learning framework by solving a joint optimization problem for the network structure and the individual marginal benefits in the game. Extensive experiments on synthetic and real-world data demonstrate the effectiveness of the proposed framework, hence illustrating that behavioral data indeed present substantial privacy risks in practice. Broadly, this study enriches the network privacy literature and provides implications for online platforms by revealing the unexpected consequence of leaking network connections due to public consumer revealed preferences.

Lei Xu,Chunxiao Jiang,Yan Chen,Yong Ren,K. J. Ray Liu

DOI: https://doi.org/10.1109/jstsp.2015.2425798

IF: 7.695

2015-01-01

IEEE Journal of Selected Topics in Signal Processing

Abstract:With the growing popularity of data mining, privacy has become an issue of growing importance. Privacy can be seen as a special type of goods, in a sense that it can be traded by the owner for incentives. In this paper, we consider a private data collecting scenario where a data collector buys data from multiple data owners and employs anonymization techniques to protect data owners' privacy. Anonymization causes a decline of data utility; therefore, the data owner can only sell his data at a lower price if his privacy is better protected. Can one pursue higher data utility while maintaining acceptable privacy? How to balance the trade-off between privacy protection and data utility is an important question for big data. Considering that different data owners treat privacy differently, and their privacy preferences are unknown to the collector, we propose a contract theoretic approach for data collector to deal with the trade-off. By designing an optimal contract, the collector can make rational decisions on how to pay the data owners, and more importantly, how he should protect the owners' privacy. We show that when the collector requires a large amount of data, he should ask data owners who care privacy less to provide as much as possible data. We also find that whenever the collector requires higher utility of data or the data becomes less profitable, the collector should provide a stronger protection of the owners' privacy. Performance of the proposed contract is evaluated by both numerical simulations and real data experiments.

Lei Xu,Chunxiao Jiang,Yi Qian,Yong Ren

DOI: https://doi.org/10.1007/978-3-319-77965-2_3

2018-01-01

Abstract:The privacy issues arising in big data applications can be dealt with an economical way. Privacy can be seen as a special type of goods, in a sense that it can be traded by the owner for incentives. In this chapter, we consider a private data collecting scenario where a data collector buys data from multiple data providers and employs anonymization techniques to protect data providers’ privacy. Anonymization causes a decline of data utility, therefore, the data provider can only sell his data at a lower price if his privacy is better protected. Achieving a balance between privacy protection and data utility is an important question for the data collector. Considering that different data providers treat privacy differently, and their privacy preferences are unknown to the collector, we propose a contract theoretic approach for data collector to deal with the data providers. By designing an optimal contract, the collector can make rational decisions on how to pay the data providers, and how to protect the providers’ privacy. Performance of the proposed contract is evaluated by numerical simulations and experiments on real-world data. The contract analysis shows that when the collector requires a large amount of data, he should ask data providers who care privacy less to provide as much as possible data. We also find that when the collector requires higher utility of data or the data become less profitable, the collector should provide a stronger protection of the providers’ privacy.

Weina Wang,Lei Ying,Junshan Zhang

DOI: https://doi.org/10.48550/arXiv.1603.06870

2016-03-23

Abstract:We study the value of data privacy in a game-theoretic model of trading private data, where a data collector purchases private data from strategic data subjects (individuals) through an incentive mechanism. The private data of each individual represents her knowledge about an underlying state, which is the information that the data collector desires to learn. Different from most of the existing work on privacy-aware surveys, our model does not assume the data collector to be trustworthy. Then, an individual takes full control of its own data privacy and reports only a privacy-preserving version of her data. In this paper, the value of $\epsilon$ units of privacy is measured by the minimum payment of all nonnegative payment mechanisms, under which an individual's best response at a Nash equilibrium is to report the data with a privacy level of $\epsilon$. The higher $\epsilon$ is, the less private the reported data is. We derive lower and upper bounds on the value of privacy which are asymptotically tight as the number of data subjects becomes large. Specifically, the lower bound assures that it is impossible to use less amount of payment to buy $\epsilon$ units of privacy, and the upper bound is given by an achievable payment mechanism that we designed. Based on these fundamental limits, we further derive lower and upper bounds on the minimum total payment for the data collector to achieve a given learning accuracy target, and show that the total payment of the designed mechanism is at most one individual's payment away from the minimum.

Computer Science and Game Theory,Cryptography and Security

Guang Yang,Shibo He,Junshan Zhang,Zhiguo Shi

DOI: https://doi.org/10.1109/tvt.2019.2950907

IF: 6.8

2019-01-01

IEEE Transactions on Vehicular Technology

Abstract:Crowdsensing has been recognized as a promising data collection paradigm, in which a platform outsources sensing tasks to a large number of users. However, requesting users to report raw data may give rise to many practical concerns, such as a significant overhead of communication and central processing, besides users' privacy concerns. In many scenarios (e.g, advertising and recommendation), the data collector directly benefits from statistical aggregation of raw data. Thus motivated, we consider the data collection problem based on user's local histograms, which is intimately related to the fundamental trade-off between the platform's accuracy and users' privacy. Because of users' social relationship, their data are often correlated, indicating that users' privacy may be leaked from others' data. To tackle this challenge, we first utilize Gaussian Markov random fields to model the correlation structure embedded in users' data. The data collection is modeled as a Stackelberg game where the platform decides its reward policy and users decide their noise levels while taking into account the social coupling among users. For the reward policy design, we first establish the relationship between users' Nash equilibrium and the payment mechanism, and then optimize the platform's accuracy under a budget constraint. Further, since the noise levels are users' private information, they may use falsified noise levels to achieve higher payoffs, which in turn impairs the crowdsensing performance. It turns out that with the insight into the correlation structure among users' data, the information asymmetry can be overcome based on peer prediction. We revisit the payment mechanism to guarantee dominant truthfulness of each user's strategy. Theoretical analysis and numerical results demonstrate the effectiveness of the proposed mechanism.

Datong Wu,Xiaotong Wu,Jiaquan Gao,Genlin Ji,Taotao Wu,Xuyun Zhang,Wanchun Dou

DOI: https://doi.org/10.1007/978-981-15-9129-7_15

2020-01-01

Abstract:Privacy preservation has been one of the biggest concerns in data sharing and publishing. The wide-spread application of data sharing and publishing contributes to the utilization of data, but brings a severe risk of privacy leakage. Although the corresponding privacy preservation techniques have been proposed, it is inevitable to decrease the accuracy of data. More importantly, it is a challenge to analyze the behaviors and interactions among different participants, including data owners, collectors and adversaries. For data owners and collectors, they need to select proper privacy preservation mechanisms and parameters to maximize their utility under a certain amount of privacy guarantee. For data adversaries, their objective is to get the sensitive information by various attack measurements. In this paper, we survey the related work of game theory-based privacy preservation under data sharing and publishing. We also discuss the possible trends and challenges of the future research. Our survey provides a systematic and comprehensive understanding about privacy preservation problems under data sharing and publishing.

Xiaotong Wu,Taotao Wu,Maqbool Khan,Qiang Ni,Wanchun Dou

DOI: https://doi.org/10.1109/tbdata.2017.2701817

2016-01-01

Abstract:Privacy preservation is one of the greatest concerns in big data. As one of extensive applications in big data, privacy preserving data publication (PPDP) has been an important research field. One of the fundamental challenges in PPDP is the trade-off problem between privacy and utility of the single and independent data set. However, recent research has shown that the advanced privacy mechanism, i.e., differential privacy, is vulnerable when multiple data sets are correlated. In this case, the trade-off problem between privacy and utility is evolved into a game problem, in which payoff of each player is dependent on his and his neighbors' privacy parameters. In this paper, we first present the definition of correlated differential privacy to evaluate the real privacy level of a single data set influenced by the other data sets. Then, we construct a game model of multiple players, in which each publishes data set sanitized by differential privacy. Next, we analyze the existence and uniqueness of the pure Nash Equilibrium. We refer to a notion, i.e., the price of anarchy, to evaluate efficiency of the pure Nash Equilibrium. Finally, we show the correctness of our game analysis via simulation experiments.

Zhiqiang Yang,Sheng Zhong,Rebecca N. Wright

DOI: https://doi.org/10.1145/1081870.1081909

2005-01-01

Abstract:ABSTRACTProtection of privacy has become an important problem in data mining. In particular, individuals have become increasingly unwilling to share their data, frequently resulting in individuals either refusing to share their data or providing incorrect data. In turn, such problems in data collection can affect the success of data mining, which relies on sufficient amounts of accurate data in order to produce meaningful results. Random perturbation and randomized response techniques can provide some level of privacy in data collection, but they have an associated cost in accuracy. Cryptographic privacy-preserving data mining methods provide good privacy and accuracy properties. However, in order to be efficient, those solutions must be tailored to specific mining tasks, thereby losing generality.In this paper, we propose efficient cryptographic techniques for online data collection in which data from a large number of respondents is collected anonymously, without the help of a trusted third party. That is, our solution allows the miner to collect the original data from each respondent, but in such a way that the miner cannot link a respondent's data to the respondent. An advantage of such a solution is that, because it does not change the actual data, its success does not depend on the underlying data mining problem. We provide proofs of the correctness and privacy of our solution, as well as experimental data that demonstrates its efficiency. We also extend our solution to tolerate certain kinds of malicious behavior of the participants.

Zhiyu Wan,Yevgeniy Vorobeychik,Weiyi Xia,Yongtai Liu,Myrna Wooders,Jia Guo,Zhijun Yin,Ellen Wright Clayton,Murat Kantarcioglu,Bradley A Malin

DOI: https://doi.org/10.1126/sciadv.abe9986

2021-12-10

Abstract:Person-specific biomedical data are now widely collected, but its sharing raises privacy concerns, specifically about the re-identification of seemingly anonymous records. Formal re-identification risk assessment frameworks can inform decisions about whether and how to share data; current techniques, however, focus on scenarios where the data recipients use only one resource for re-identification purposes. This is a concern because recent attacks show that adversaries can access multiple resources, combining them in a stage-wise manner, to enhance the chance of an attack’s success. In this work, we represent a re-identification game using a two-player Stackelberg game of perfect information, which can be applied to assess risk, and suggest an optimal data sharing strategy based on a privacy-utility tradeoff. We report on experiments with large-scale genomic datasets to show that, using game theoretic models accounting for adversarial capabilities to launch multistage attacks, most data can be effectively shared with low re-identification risk.

Mengyuan Zhang,Lei Yang,Shibo He,Ming Li,Junshan Zhang

DOI: https://doi.org/10.1109/tnet.2021.3056490

2021-01-01

IEEE/ACM Transactions on Networking

Abstract:We develop an auction framework for privacy-preserving data aggregation in mobile crowdsensing, where the platform plays the role as an auctioneer to recruit workers for sensing tasks. The workers are allowed to report noisy versions of their data for privacy protection; and the platform selects workers by taking into account their sensing capabilities to ensure the accuracy level of the aggregated result. Observe that when moving the control of data privacy from the data aggregator to the workers, the data aggregator has limited market power in the sense that it can only partially control the noise by judiciously choosing a subset of workers based on workers' privacy preferences. This introduces externalities because the privacy of each worker depends on the total noise in the aggregated result that in turn relies on which workers are selected. Specifically, we first consider a privacy-passive scenario where workers participate if their privacy loss can be adequately compensated by the rewards. We explicitly characterize the externalities and the hidden monotonicity property of the problem, making it possible to design a truthful, individually rational and computationally efficient incentive mechanism. We then extend the results to a privacy-proactive scenario where workers have individual requirements for their perceivable data privacy levels. Our proposed mechanisms for both scenarios can select a subset of workers to (nearly) minimize the cost of purchasing their private sensing data subject to the accuracy requirement of the aggregated result. We validate the proposed scheme through theoretical analysis as well as extensive simulations.

Lei Xu,Chunxiao Jiang,Yi Qian,Youjian Zhao,Jianhua Li,Yong Ren

DOI: https://doi.org/10.1109/tifs.2016.2611487

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Recently, the conflict between exploiting the value of personal data and protecting individuals’ privacy has attracted much attention. Personal data market provides a promising solution to this conflict, while determining the price of privacy is a tough issue. In this paper, we study the pricing problem in a setting where a data collector sequentially buys data from multiple data owners whose valuations of privacy are randomly drawn from an unknown distribution. To maximize the total payoff, the collector needs to dynamically adjust the prices offered to owners. We model the sequential decision-making problem of the collector as a multi-armed bandit problem with each arm representing a candidate price. Specifically, the privacy protection technique adopted by the collector is taken into account. Protecting privacy generally causes a negative effect on the value of data, and this effect is embodied by the time-variant distributions of the rewards associated with arms. Based on the classic upper confidence bound policy, we propose two learning policies for the bandit problem. The first policy estimates the expected reward of a price by counting how many times the price has been accepted by data owners. The second policy treats the time-variant data value as a context and uses ridge regression to estimate the rewards in different contexts. Simulation results on real-world data demonstrate that by applying the proposed policies, the collector can get a payoff which is close to that he can get by setting a fixed price, which is the best in hindsight, for all data owners.

Lei Xu,Chunxiao Jiang,Yi Qian,Jianhua Li,Youjian Zhao,Yong Ren

DOI: https://doi.org/10.1109/tbdata.2017.2777968

2017-01-01

IEEE Transactions on Big Data

Abstract:Nowadays the privacy issue arising in data mining applications has attracted much attention. In the context of distributed data mining, a major concern of the participant is that its privacy may be disclosed to other participants or a third party. To protect privacy, one can apply a differential privacy approach to perturb the data before sharing them with others, which generally causes a negative effect on the mining result. Thus there is a trade-off between privacy and the mining result. In this paper, we study a distributed classification scenario where a mediator builds a classifier based on the perturbed query results returned by a number of users. We propose a game theoretical approach to analyze how users choose their privacy budgets. Specifically, interactions among users are modeled as a game in satisfaction form. And an algorithm is proposed for users to learn the satisfaction equilibrium (SE) of the game. Experimental results demonstrate that, when the differences among users’ expectations are not significant, the proposed learning algorithm can converge to an SE, at which every user achieves a balance between the accuracy of the classifier and the preserved privacy.

Nivasini Ananthakrishnan,Tiffany Ding,Mariel Werner,Sai Praneeth Karimireddy,Michael I. Jordan

2024-04-17

Abstract:We study price-discrimination games between buyers and a seller where privacy arises endogenously--that is, utility maximization yields equilibrium strategies where privacy occurs naturally. In this game, buyers with a high valuation for a good have an incentive to keep their valuation private, lest the seller charge them a higher price. This yields an equilibrium where some buyers will send a signal that misrepresents their type with some probability; we refer to this as buyer-induced privacy. When the seller is able to publicly commit to providing a certain privacy level, we find that their equilibrium response is to commit to ignore buyers' signals with some positive probability; we refer to this as seller-induced privacy. We then turn our attention to a repeated interaction setting where the game parameters are unknown and the seller cannot credibly commit to a level of seller-induced privacy. In this setting, players must learn strategies based on information revealed in past rounds. We find that, even without commitment ability, seller-induced privacy arises as a result of reputation building. We characterize the resulting seller-induced privacy and seller's utility under no-regret and no-policy-regret learning algorithms and verify these results through simulations.

Computer Science and Game Theory

Lei Xu,Chunxiao Jiang,Yi Qian,Yong Ren

DOI: https://doi.org/10.1007/978-3-319-77965-2_6

2018-01-01

Abstract:An important issue in distributed data mining is privacy. It is necessary for each participant to make sure that its privacy is not disclosed to other participants or a third party. To protect privacy, one can apply a differential privacy approach to perturb the data before sharing them with others, which generally hurts the mining result. That is to say, the participant faces a trade-off between privacy and the mining result. In this chapter, we study a distributed classification scenario where a mediator builds a classifier based on the perturbed query results returned by a number of users. A game theoretical approach is proposed to analyze how users choose their privacy budgets. Specifically, interactions among users are modeled as a game in satisfaction form. And an algorithm is proposed for users to learn the satisfaction equilibrium (SE) of the game. Experimental results demonstrate that, when the differences among users’ expectations are not significant, the proposed learning algorithm can converge to an SE, at which every user achieves a balance between the accuracy of the classifier and the preserved privacy.

Guocheng Liao,Xu Chen,Jianwei Huang

DOI: https://doi.org/10.1109/TNET.2019.2951713

2020-02-14

IEEE/ACM Transactions on Networking

Abstract:We study a problem of privacy-preserving mechanism design. A data collector wants to obtain data from individuals to perform some computations. To relieve the privacy threat to the contributors, the data collector adopts a privacy-preserving mechanism by adding random noise to the computation result, at the cost of reduced accuracy. Individuals decide whether to contribute data when faced with the privacy issue. Due to the intrinsic uncertainty in privacy protection, we model individuals’ privacy-related decision using Prospect Theory. Such a theory more accurately models individuals’ behavior under uncertainty than the traditional expected utility theory, whose prediction always deviates from practical human behavior. We show that the data collector’s utility maximization problem involves a polynomial of high and fractional order, the root of which is difficult to compute analytically. We get around this issue by considering a large population approximation, and obtain a closed-form solution that well approximates the precise solution. We discover that the data collector who considers the more realistic Prospect Theory based individual decision modeling would adopt a more conservative privacy-preserving mechanism, compared with the case based on the expected utility theory modeling. We also study the impact of Prospect Theory parameters, and concludes that more loss-averse or risk-seeking individuals will trigger a more conservative mechanism. When individuals have different Prospect Theory parameters, simulations demonstrate that the privacy protection first becomes stronger and then becomes weaker as the heterogeneity increases from a low value to a high one.

Xiao-Bai Li,Srinivasan Raghunathan

DOI: https://doi.org/10.1016/j.dss.2013.10.006

IF: 6.969

2014-03-01

Decision Support Systems

Abstract:Organizations today regularly share their customer data with their partners to gain competitive advantages. They are also often requested or even required by a third party to provide customer data that are deemed sensitive. In these circumstances, organizations are obligated to protect the privacy of the individuals involved while still benefiting from sharing data or meeting the requirement for releasing data. In this study, we analyze the tradeoff between privacy and data utility from the perspective of the data owner. We develop an incentive-compatible mechanism for the data owner to price and disseminate private data. With this mechanism, a data user is motivated to reveal his true purpose of data usage and acquire the data that suits to that purpose. Existing economic studies of information privacy primarily consider the interplay between the data owner and the individuals, focusing on problems that occur in the <i>collection</i> of private data. This study, however, examines the privacy issue facing a data owner organization in the <i>distribution</i> of private data to a third party data user when the real purpose of data usage is unclear and the released data could be misused.

computer science, information systems, artificial intelligence,operations research & management science

Guang ZHU,Xue-lian CAO,Dan YU,Yue SUN

DOI: https://doi.org/10.13833/j.issn.1007-7634.2018.06.008

2018-01-01

Abstract:[Purpose/significance]To define the game agents composed of users, libraries and hackers in library context service, and to develop a game model of privacy protection from the perspective of privacy profit, cost and loss, have become a important task in library service.[Method/process]This paper designs the game agents consisted of users, libraries and hackers, and investigates the strategic behavior of privacy protection for them. According to the payoff matrices of different agents, several equilibrium strategies can be found.[Result/conclusion]The analysis results show that the privacy strategies of game agents are related with privacy cost, detect probability of hacker attack and privacy loss. There are two kinds of Nash equilibrium and one kind of Bayesian mixed strategy equilibrium. At last, a numerical verification for the mathematical model is given and several countermeasures and suggestions are proposed for the development of privacy protection and library context service.

Jun Du,Chunxiao Jiang,Shui Yu,Kwang-Cheng Chen,Yong Ren

DOI: https://doi.org/10.1109/globalsip.2016.7905993

2016-01-01

Abstract:Users of social networks can be connected with each other by different communities according to professions, living locations and personal interests. As each user on the social network platforms stores and shows a large amount of personal data, the privacy protection raises as a major concern. This paper establishes a game theoretic framework to model users' interactions to influence users' strategies to take the privacy protection or not. To model the relationship of user communities, we introduce the community-structured evolutionary dynamics. Users' interactions can only happen among those who have at least one common community. Then we analyze the dynamics of users' privacy protection behavior based on the proposed community structured evolutionary game theoretic framework. Results show that social network managers need to provide appropriate security service b and payment mechanism c to ensure that cost performance b/c is larger than the critical cost performance, which can promote the spread of the privacy security behavior over the network. Moreover, results can help to design appropriate structure of the social network and control the convergence speed that all users take the privacy protection.